Physical Sciences and Mathematics Commons^™

A Targeted Study On The Match Between Cybersecurity Higher Education Offerings And Workforce Needs, Diane Murphy, Nektaria Tryfona, Andrew M. Marshall

Virginia Journal of Science

The Cybersecurity Workforce Gap is a call to action on a two-fold problem: the worldwide shortage of qualified cybersecurity workers and the need to develop a growing highly-knowledgeable, agile, well-trained cybersecurity workforce. This paper presents a methodological approach to achieve this goal in the Northern Virginia area. The area is characterized by an abundance of cyber-related industries, government agencies, and large businesses with high demand of skilled cybersecurity workers; at the same time, academic institutions offer cutting edge education and training access to highly capable students. Central to this methodology is the collaboration between local academia and industry and it …

Digital Transformation, Applications, And Vulnerabilities In Maritime And Shipbuilding Ecosystems, Rafael Diaz, Katherine Smith

VMASC Publications

The evolution of maritime and shipbuilding supply chains toward digital ecosystems increases operational complexity and needs reliable communication and coordination. As labor and suppliers shift to digital platforms, interconnection, information transparency, and decentralized choices become ubiquitous. In this sense, Industry 4.0 enables "smart digitalization" in these environments. Many applications exist in two distinct but interrelated areas related to shipbuilding design and shipyard operational performance. New digital tools, such as virtual prototypes and augmented reality, begin to be used in the design phases, during the commissioning/quality control activities, and for training workers and crews. An application relates to using Virtual Prototypes …

Ict Security Tools And Techniques Among Higher Education Institutions: A Critical Review, Miko Nuñez, Xavier-Lewis Palmer, Lucas Potter, Chris Jordan Aliac, Lemuel Clark Velasco

Electrical & Computer Engineering Faculty Publications

Higher education institutions (HEIs) are increasingly relying on digital technologies for classroom and organizational management, but this puts them at higher risk for information and communication (ICT security attacks. Recent studies show that HEIs have experienced more security breaches in ICT security composed of both cybersecurity an information security. A literature review was conducted to identify common ICT security practices in HEIs over the last decade. 11 journal articles were profiled and analyzed, revealing threats to HEIs’ security and protective measures in terms of organizational security, technological security, physical security, and standards and frameworks. Security tools and techniques were grouped …

Cybersecurity And Digital Privacy Aspects Of V2x In The Ev Charging Structure, Umit Cali, Murat Kuzlu, Onur Elma, Osman Gazi Gucluturk, Ahmet Kilic, Ferhat Ozgur Catak

Engineering Technology Faculty Publications

With the advancement of green energy technology and rising public and political acceptance, electric vehicles (EVs) have grown in popularity. Electric motors, batteries, and charging systems are considered major components of EVs. The electric power infrastructure has been designed to accommodate the needs of EVs, with an emphasis on bidirectional power flow to facilitate power exchange. Furthermore, the communication infrastructure has been enhanced to enable cars to communicate and exchange information with one another, also known as Vehicle-to-Everything (V2X) technology. V2X is positioned to become a bigger and smarter system in the future of transportation, thanks to upcoming digital technologies …

Robustembed: Robust Sentence Embeddings Using Self-Supervised Contrastive Pre-Training, Javad Asl, Eduardo Blanco, Daniel Takabi

School of Cybersecurity Faculty Publications

Pre-trained language models (PLMs) have demonstrated their exceptional performance across a wide range of natural language processing tasks. The utilization of PLM-based sentence embeddings enables the generation of contextual representations that capture rich semantic information. However, despite their success with unseen samples, current PLM-based representations suffer from poor robustness in adversarial scenarios. In this paper, we propose RobustEmbed, a self-supervised sentence embedding framework that enhances both generalization and robustness in various text representation tasks and against diverse adversarial attacks. By generating high-risk adversarial perturbations to promote higher invariance in the embedding space and leveraging the perturbation within a novel contrastive …

Digital Energy Platforms Considering Digital Privacy And Security By Design Principles, Umit Cali, Marthe Fogstad Dynge, Ahmed Idries, Sambeet Mishra, Ivanko Dmytro, Naser Hashemipour, Murat Kuzlu, Aleksandra Mileva (Ed.), Steffen Wendzel (Ed.), Virginia Franqueira (Ed.)

Engineering Technology Faculty Publications

The power system and markets have become increasingly complex, along with efforts to digitalize the energy sector. Accessing flexibility services, in particular, through digital energy platforms, has enabled communication between multiple entities within the energy system and streamlined flexibility market operations. However, digitalizing these vast and complex systems introduces new cybersecurity and privacy concerns, which must be properly addressed during the design of the digital energy platform ecosystems. More specifically, both privacy and cybersecurity measures should be embedded into all phases of the platform design and operation, based on the privacy and security by design principles. In this study, these …

A Relevance Model For Threat-Centric Ranking Of Cybersecurity Vulnerabilities, Corren G. Mccoy

Computer Science Theses & Dissertations

The relentless and often haphazard process of tracking and remediating vulnerabilities is a top concern for cybersecurity professionals. The key challenge they face is trying to identify a remediation scheme specific to in-house, organizational objectives. Without a strategy, the result is a patchwork of fixes applied to a tide of vulnerabilities, any one of which could be the single point of failure in an otherwise formidable defense. This means one of the biggest challenges in vulnerability management relates to prioritization. Given that so few vulnerabilities are a focus of real-world attacks, a practical remediation strategy is to identify vulnerabilities likely …

Cyber Resilience Analytics For Cyber-Physical Systems, Md Ariful Haque

Electrical & Computer Engineering Theses & Dissertations

Cyber-physical systems (CPSs) are complex systems that evolve from the integrations of components dealing with physical processes and real-time computations, along with networking. CPSs often incorporate approaches merging from different scientific fields such as embedded systems, control systems, operational technology, information technology systems (ITS), and cybernetics. Today critical infrastructures (CIs) (e.g., energy systems, electric grids, etc.) and other CPSs (e.g., manufacturing industries, autonomous transportation systems, etc.) are experiencing challenges in dealing with cyberattacks. Major cybersecurity concerns are rising around CPSs because of their ever-growing use of information technology based automation. Often the security concerns are limited to probability-based possible attack …

Cyber Deception For Critical Infrastructure Resiliency, Md Ali Reza Al Amin

Computational Modeling & Simulation Engineering Theses & Dissertations

The high connectivity of modern cyber networks and devices has brought many improvements to the functionality and efficiency of networked systems. Unfortunately, these benefits have come with many new entry points for attackers, making systems much more vulnerable to intrusions. Thus, it is critically important to protect cyber infrastructure against cyber attacks. The static nature of cyber infrastructure leads to adversaries performing reconnaissance activities and identifying potential threats. Threats related to software vulnerabilities can be mitigated upon discovering a vulnerability and-, developing and releasing a patch to remove the vulnerability. Unfortunately, the period between discovering a vulnerability and applying a …

Predictors Of Email Response: Determinants Of The Intention Of Not Following Security Recommendations, Miguel Angel Toro-Jarrin

Engineering Management & Systems Engineering Theses & Dissertations

Organizations and government leaders are concerned about cyber incidents. For some time, researchers have studied what motivates people to act in ways that put the confidentiality, integrity, and availability of information in organizations at risk. Still, several areas remained unexplored, including the role of employees’ evaluation of the organizational systems and the role of value orientation at work as precursors of secure and insecure actions in relation to information technologies (information security [IS] action). The objective of this research project was to examine how the evaluations of formal and informal security norms are associated with the intention to follow them …

Deapsecure Computational Training For Cybersecurity: Third-Year Improvements And Impacts, Bahador Dodge, Jacob Strother, Rosby Asiamah, Karina Arcaute, Wirawan Purwanto, Masha Sosonkina, Hongyi Wu

Modeling, Simulation and Visualization Student Capstone Conference

The Data-Enabled Advanced Training Program for Cybersecurity Research and Education (DeapSECURE) was introduced in 2018 as a non-degree training consisting of six modules covering a broad range of cyberinfrastructure techniques, including high performance computing, big data, machine learning and advanced cryptography, aimed at reducing the gap between current cybersecurity curricula and requirements needed for advanced research and industrial projects. By its third year, DeapSECURE, like many other educational endeavors, experienced abrupt changes brought by the COVID-19 pandemic. The training had to be retooled to adapt to fully online delivery. Hands-on activities were reformatted to accommodate self-paced learning. In this paper, …

Medical Devices And Cybersecurity, Hilary Finch

School of Cybersecurity Posters

I begin by looking at the role of cybersecurity in the medical world. The healthcare industry adopted information technology quite quickly. While the advancement was obviously beneficial and necessary to keep up with an ever-growing demand, the healthcare industry did not place any kind of pointed focus on the security of their IT department, or the sensitive information housed therein.

When rapid advancements of technology outpaced the gradual advancement of hospital cybersecurity, security concerns became a difficult issue to control. There is a serious need for more advancements in hospital security. Each interconnected medical device has its own unique security …

Quantifying Cyber Risk By Integrating Attack Graph And Impact Graph, Omer F. Keskin

Engineering Management & Systems Engineering Theses & Dissertations

Being a relatively new risk source, models to quantify cyber risks are not well developed; therefore, cyber risk management in most businesses depends on qualitative assessments. With the increase in the economic consequences of cyber incidents, the importance of quantifying cyber risks has increased. Cyber risk quantification is also needed to establish communication among decision-makers of different levels of an enterprise, from technical personnel to top management.

The goal of this research is to build a probabilistic cybersecurity risk analysis model that relates attack propagation with impact propagation through internal dependencies and allows temporal analysis.

The contributions of the developed …

Cybersecurity Legislation And Ransomware Attacks In The United States, 2015-2019, Joseph Skertic

Graduate Program in International Studies Theses & Dissertations

Ransomware has rapidly emerged as a cyber threat which costs the global economy billions of dollars a year. Since 2015, ransomware criminals have increasingly targeted state and local government institutions. These institutions provide critical infrastructure – e.g., emergency services, water, and tax collection – yet they often operate using outdated technology due to limited budgets. This vulnerability makes state and local institutions prime targets for ransomware attacks. Many states have begun to realize the growing threat from ransomware and other cyber threats and have responded through legislative action. When and how is this legislation effective in preventing ransomware attacks? This …

Cybersecurity Risk Assessment Using Graph Theoretical Anomaly Detection And Machine Learning, Goksel Kucukkaya

Engineering Management & Systems Engineering Theses & Dissertations

The cyber domain is a great business enabler providing many types of enterprises new opportunities such as scaling up services, obtaining customer insights, identifying end-user profiles, sharing data, and expanding to new communities. However, the cyber domain also comes with its own set of risks. Cybersecurity risk assessment helps enterprises explore these new opportunities and, at the same time, proportionately manage the risks by establishing cyber situational awareness and identifying potential consequences. Anomaly detection is a mechanism to enable situational awareness in the cyber domain. However, anomaly detection also requires one of the most extensive sets of data and features …

Role Of Artificial Intelligence In The Internet Of Things (Iot) Cybersecurity, Murat Kuzlu, Corinne Fair, Ozgur Guler

Engineering Technology Faculty Publications

In recent years, the use of the Internet of Things (IoT) has increased exponentially, and cybersecurity concerns have increased along with it. On the cutting edge of cybersecurity is Artificial Intelligence (AI), which is used for the development of complex algorithms to protect networks and systems, including IoT systems. However, cyber-attackers have figured out how to exploit AI and have even begun to use adversarial AI in order to carry out cybersecurity attacks. This review paper compiles information from several other surveys and research papers regarding IoT, AI, and attacks with and against AI and explores the relationship between these …

Deapsecure Computational Training For Cybersecurity Students: Improvements, Mid-Stage Evaluation, And Lessons Learned, Wirawan Purwanto, Yuming He, Jewel Ossom, Qiao Zhang, Liuwan Zhu, Karina Arcaute, Masha Sosonkina, Hongyi Wu

University Administration Publications

DeapSECURE is a non-degree computational training program that provides a solid high-performance computing (HPC) and big-data foundation for cybersecurity students. DeapSECURE consists of six modules covering a broad spectrum of topics such as HPC platforms, big-data analytics, machine learning, privacy-preserving methods, and parallel programming. In the second year of this program, to improve the learning experience, we implemented a number of changes, such as grouping modules into two broad categories, "big-data" and "HPC"; creating a single cybersecurity storyline across the modules; and introducing post-workshop (optional) "hackshops." Two major goals of these changes are, firstly, to effectively engage students to maintain …

The Effects Of Security Framing, Time Pressure, And Brand Familiarity On Risky Mobile Application Downloads, Cody Parker

Psychology Theses & Dissertations

The current study examined the effects of security system framing, time pressure, and brand familiarity on mobile application download behaviors, with an emphasis on risk taking. According to the Prospect Theory, people tend to engage in irrational decision making, and make qualitatively different decisions when information is framed in terms of gains and losses (i.e., the framing effect). Past research has used this framing effect to guide the design of a risk display for mobile applications (apps), with the purpose of communicating the potential risks and minimizing insecure app selections. Time pressure has been shown to influence the framing effect …

A Survey On Securing Personally Identifiable Information On Smartphones, Dar’Rell Pope, Yen-Hung (Frank) Hu, Mary Ann Hoppa

Virginia Journal of Science

With an ever-increasing footprint, already topping 3 billion devices, smartphones have become a huge cybersecurity concern. The portability of smartphones makes them convenient for users to access and store personally identifiable information (PII); this also makes them a popular target for hackers. This survey shares practical insights derived from analyzing 16 real-life case studies that exemplify: the vulnerabilities that leave smartphones open to cybersecurity attacks; the mechanisms and attack vectors typically used to steal PII from smartphones; the potential impact of PII breaches upon all parties involved; and recommended defenses to help prevent future PII losses. The contribution of this …

Account Recovery Methods For Two-Factor Authentication (2fa): An Exploratory Study, Lauren Nicole Tiller

Psychology Theses & Dissertations

System administrators have started to adopt two-factor authentication (2FA) to increase user account resistance to cyber-attacks. Systems with 2FA require users to verify their identity using a password and a second-factor authentication device to gain account access. This research found that 60% of users only enroll one second-factor device to their account. If a user’s second factor becomes unavailable, systems are using different procedures to ensure its authorized owner recovers the account. Account recovery is essentially a bypass of the system’s main security protocols and needs to be handled as an alternative authentication process (Loveless, 2018). The current research aimed …

Topical Review Of Vulnerability Management For Local Hampton Roads Industry, Gregory W. Hubbard Jr., Matthew Eunice

OUR Journal: ODU Undergraduate Research Journal

The progress towards an interconnected digital world offers an exciting level of advancement for humanity. Unfortunately, this “online” connection is not safe from the threats and dangers typically associated with physical operations. With the foundation of Cyber Command of DoD cyberspace, the United States Government is taking a prominent stance in cyberspace operations. Like the federal government, both industries and individuals are not immune and are oftentimes unknowingly at risk to cyberattack. This report hopes to bring awareness to common vulnerabilities in multi-user networks by describing a historical background on cyber security as well as outlining current methods of vulnerability …

Study Of The Feasibility Of A Virtual Environment For Home User Cybersecurity, Sean Powell

OUR Journal: ODU Undergraduate Research Journal

This research focuses on the average home computer user’s ability to download, install and manage a virtual machine software program. The findings of this research is to be used as a foundation to the possibility of using a virtual machine software program as another form of defense for the home user’s computer. Virtual machines already have various uses, some in the cybersecurity field; this possibility could add another useful application for the software program. This research is conducted by monitoring volunteers’ ability to download, install, set up, and perform basic instructions on the virtual environment. It was from the volunteers’ …

Cybersecurity Education Through Technological And Engineering Literacy Standards, Philip A. Reed, Steven A. Barbato

STEMPS Faculty Publications

No abstract provided.

Information Privacy: Not Just Gdpr, Danilo Bruschi

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

The "information rush" which is characterizing the current phase of the information age calls for actions aimed at enforcing the citizens' right to privacy. Since the entire information life-cycle (collection, manipulation, storing) is now carried out by digital technologies, most of such actions consists of the adoption of severe measures (both organizational and technological) aimed at improving the security of computer systems, as in the case of the EU General Data Protection Regulation. Usually, data processors which comply with these requirements are exempted by any other duty. Unfortunately recent trends in the computer attack field show that even the adoption …

Cyber Security- A New Secured Password Generation Algorithm With Graphical Authentication And Alphanumeric Passwords Along With Encryption, Akash Rao

Electrical & Computer Engineering Theses & Dissertations

Graphical passwords are always considered as an alternative of alphanumeric passwords for their better memorability and usability [1]. Alphanumeric passwords provide an adequate amount of satisfaction, but they do not offer better memorability compared to graphical passwords [1].

On the other hand, graphical passwords are considered less secured and provide better memorability [1]. Therefore many researchers have researched on graphical passwords to overcome the vulnerability. One of the most significant weaknesses of the graphical passwords is "Shoulder Surfing Attack," which means, sneaking into a victim's computer to learn the whole password or part of password or some confidential information. Such …

Teaching Hands-On Cyber Defense Labs To Middle School And High School Students: Our Experience From Gencyber Camps, Peng Jiang, Xin Tian, Chunsheng Xin, Wu He

Electrical & Computer Engineering Faculty Publications

With the high demand of the nation for next generation cybersecurity experts, it is important to design and provide hands-on labs for students at the K-12 level in order to increase their interest in cybersecurity and enhance their confidence in learning cybersecurity skills at the young age. This poster reports some preliminary analysis results from the 2016 GenCyber summer camp held at Old Dominion University (ODU), which is part of a nationwide grant program funded by the National Security Agency (NSA) and the National Science Foundation (NSF). This poster also demonstrates the design of three hands-on labs which have been …